In the previous two vCloud Networking and Security App Firewall blogs we looked at installation and policy management. In this blog, let’s take a look at how to handle day-to-day operations of App Firewall. The following topics are covered in this blog.
- App Firewall Flow Monitoring Capabilities
- App Firewall Syslog Management
- App Firewall Show History and Load History options
- App Firewall Configuration Backup
- App Firewall CLIs
App Firewall Flow Monitoring Capabilities
The Flow Monitoring feature of the vCloud Networking and Security App firewall provides the required visibility and monitoring by displaying network activity between virtual machines at the application protocol level. You can use this information to audit network traffic, define and refine firewall policies, and identify threats to the network.
In the vCloud Networking and Security Manager Flow Monitoring dashboard shown above, the bar at the top of the page shows the percentage of allowed traffic in green and blocked traffic in red.
Traffic statistics are displayed in three tabs:
- Top Flows displays the total incoming and outgoing traffic per service over the specified time period. The top five services are displayed.
- Top Destinations displays incoming traffic per destination over the specified time period. The top five destinations are displayed.
- Top Sources displays outgoing traffic per source over the specified time period. The top five sources are displayed.
Clicking the Details link on the Flow Monitoring dashboard shows Allowed Flows and Blocked Flows for the various services. The Blocked Flows view of Flow Monitoring Details is shown below.
Clicking an item in Flow Monitoring Details shows the rule that allowed or blocked the traffic. Use the Add Rule / Edit Rule link to create or edit the firewall rule.
App Firewall Syslog Management
The vCloud Networking and Security App Firewall virtual appliance supports syslog export to remote servers. After the vCloud Networking and Security App Firewall is installed, syslog servers can be configured as shown below. App Firewall logging is controlled on a per-firewall-rule basis: check the “Log” option, as shown below, to enable logging for a rule.
A syslog message generated by App Firewall is shown below. Every syslog message generated by App Firewall contains a ‘Rule ID’, as indicated.
The ‘Rule ID’ column is not displayed by default in the App Firewall rule table. We can display ‘Rule ID’ by ticking the check box next to ‘Rule ID’ in the drop-down list shown in the screen below.
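Because every exported message carries the Rule ID, the syslog feed can be reduced to the same views the Flow Monitoring dashboard shows (allowed vs. blocked share, top flows, destinations and sources) and, additionally, to a blocked count per rule so a noisy rule can be looked up directly in the rule table. The following is an added example, not code from the original post or from VMware; it parses constructed sample lines in an assumed, simplified key=value layout (hypothetical, not the actual App Firewall message format) and skips lines that do not match.

```python
import re
from collections import Counter

# Constructed sample lines in an assumed, simplified key=value syslog layout
# (hypothetical; not the real App Firewall format). Each line carries the
# firewall action and the Rule ID of the rule that matched.
SAMPLE_SYSLOG = """\
<14>Mar 10 09:01:02 appfw vmwall: action=PASS ruleid=1001 proto=TCP src=10.0.1.10 dst=10.0.2.20 dport=443
<14>Mar 10 09:01:03 appfw vmwall: action=PASS ruleid=1001 proto=TCP src=10.0.1.11 dst=10.0.2.20 dport=443
<14>Mar 10 09:01:04 appfw vmwall: action=DROP ruleid=1003 proto=TCP src=10.0.1.12 dst=10.0.2.21 dport=22
<14>Mar 10 09:01:05 appfw vmwall: action=DROP ruleid=1003 proto=TCP src=10.0.1.12 dst=10.0.2.22 dport=22
<14>Mar 10 09:01:06 appfw vmwall: action=PASS ruleid=1002 proto=UDP src=10.0.1.10 dst=10.0.2.53 dport=53
<14>Mar 10 09:01:07 appfw vmwall: malformed line without fields
"""

LINE_RE = re.compile(
    r"action=(?P<action>PASS|DROP)\s+ruleid=(?P<ruleid>\d+)\s+proto=(?P<proto>\w+)"
    r"\s+src=(?P<src>[\d.]+)\s+dst=(?P<dst>[\d.]+)\s+dport=(?P<dport>\d+)"
)


def parse_events(text):
    """Return one dict per line that matches the layout; unparsable lines are skipped."""
    return [m.groupdict() for line in text.splitlines() if (m := LINE_RE.search(line))]


def summarize(events, top_n=5):
    """Rebuild the dashboard views from events, plus a blocked count keyed by Rule ID."""
    allowed = sum(1 for e in events if e["action"] == "PASS")
    blocked = len(events) - allowed
    total = allowed + blocked
    pct_allowed = round(100.0 * allowed / total, 1) if total else 0.0
    services = Counter(f'{e["proto"]}/{e["dport"]}' for e in events)  # Top Flows
    dests = Counter(e["dst"] for e in events)                          # Top Destinations
    srcs = Counter(e["src"] for e in events)                           # Top Sources
    blocked_by_rule = Counter(e["ruleid"] for e in events if e["action"] == "DROP")
    return {
        "allowed": allowed, "blocked": blocked, "pct_allowed": pct_allowed,
        "top_flows": services.most_common(top_n),
        "top_destinations": dests.most_common(top_n),
        "top_sources": srcs.most_common(top_n),
        "blocked_by_rule": dict(blocked_by_rule),
    }


if __name__ == "__main__":
    print(summarize(parse_events(SAMPLE_SYSLOG)))
```

The `blocked_by_rule` keys are the same Rule ID values that the ‘Rule ID’ column in the rule table shows once it is enabled.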
App Firewall – Show History and Load History
The vCloud Networking and Security Manager saves the App Firewall settings each time new firewall rules are published. The vCloud Networking and Security Manager saves the previous ten configurations.
Use the Load History option to revert the vCloud Networking and Security App Firewall configuration to a previous version.
App Firewall Configuration Backup
It is good practice to periodically back up vCloud Networking and Security Manager data, which can include configuration, events, and audit log tables. Configuration tables are included in every backup; system and audit log events can be excluded. vCloud Networking and Security Manager saves the backup to a remote location that is accessible by FTP or SFTP. Backups can be run on a schedule or on demand. The setup screen for scheduled backups is shown below. In the event of a Manager failure, we can use the saved backup to restore it.
App Firewall CLIs
The App Firewall Command Line Interface (CLI) comes in handy for monitoring and troubleshooting. CLI commands can be executed by logging in to the App Firewall virtual machine console from vCenter or by remote access using SSH (by default, the username is “admin”, the password is “default”, and the enable mode password is “default”). Enable SSH access to App Firewall using the “cli ssh allow” command.
A few examples of App Firewall CLI commands:
- Packet display: debug packet display interface
- Packet capture: debug packet capture interface
- List of namespaces: show realms
- Rule action logs: show vmwall log follow
- Rules, IP and MAC lists: show vmwall rules
Get notification of these blogs and more vCloud Networking and Security information by following me on Twitter @vCloudNetSec.